
Unknown Infection, slow web browsing/loading/media(s)


  • This topic is locked
16 replies to this topic

#1 melancholy88


Posted 09 November 2013 - 11:26 PM

A few days ago I got an iPod, installed iTunes of course, and about the same time my >Internet< started slowing down gradually to what felt like a crippling standstill. Most sites would load very slowly (Forums, Hulu, Newegg, etc.) while other sites such as FB, YouTube, KissAnime would either not connect or just fail to load any text or media at all. I ran scans (Avira) that showed no alerts to infections, defragged my disk, used CCleaner; nothing changed. FYI Games and Steam Games still connected and ran normally.

 

After uninstalling iTunes & even restoring to a point a few weeks prior, the problem was still there. This also caused my Avira Internet Security program to turn off and disable all protection and would not allow me to turn protection back on even when running as Admin. Not sure what else to do, I decided to back up my media/files and reformat and reinstall Windows (which I have done once before in 2.5 years of owning this rig). After a long series of Windows updates my system, such as opening files and programs, seems the same and running smoothly, but my Internet browsing is the same, unable to load some sites and sluggish to others.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by Admin at 17:42:03 on 2013-11-09
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.4055.2805 [GMT -6:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Avira SearchFree Toolbar: {41564952-412D-5637-00A7-7A786E7484D7} -
TB: Avira SearchFree Toolbar: {41564952-412D-5637-00A7-7A786E7484D7} -
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{76AAB582-D308-4FAA-A5C1-B46952D4AD57} : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{FD87A3C7-74D7-4BCC-8ACB-A47528C77AB2} : DHCPNameServer = 192.168.42.129
SSODL: WebCheck - <orphaned>
x64-BHO: Avira SearchFree Toolbar: {41564952-412D-5637-00A7-7A786E7484D7} -
x64-TB: Avira SearchFree Toolbar: {41564952-412D-5637-00A7-7A786E7484D7} -
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z0hy8fej.default\
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-11-9 28600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-26 203776]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-11-9 440392]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-11-9 440392]
R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [2013-11-9 1164360]
R2 APNMCP;Ask Update Service;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2013-10-23 166352]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-11-9 105856]
R2 avnetflt;avnetflt;C:\Windows\System32\drivers\avnetflt.sys [2013-11-9 83160]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 ipgd;ASUS NX1101 Gigabit Ethernet Adapter Driver;C:\Windows\System32\drivers\ipgdnd60.sys [2013-11-9 43520]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-11-9 1255736]
.
=============== Created Last 30 ================
.
2013-11-09 23:24:40    388096    ----a-r-    C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-11-09 23:24:40    --------    d-----w-    C:\Program Files (x86)\Trend Micro
2013-11-09 23:17:17    --------    d-----w-    C:\Users\Admin\AppData\Roaming\Avira
2013-11-09 23:12:52    --------    d-----w-    C:\ProgramData\AskPartnerNetwork
2013-11-09 23:12:52    --------    d-----w-    C:\Program Files (x86)\AskPartnerNetwork
2013-11-09 23:12:41    --------    d-----w-    C:\ProgramData\APN
2013-11-09 23:11:41    83160    ----a-w-    C:\Windows\System32\drivers\avnetflt.sys
2013-11-09 23:11:41    28600    ----a-w-    C:\Windows\System32\drivers\avkmgr.sys
2013-11-09 23:11:41    105856    ----a-w-    C:\Windows\System32\drivers\avgntflt.sys
2013-11-09 23:11:40    --------    d-----w-    C:\ProgramData\Avira
2013-11-09 23:11:40    --------    d-----w-    C:\Program Files (x86)\Avira
2013-11-09 20:39:19    367104    ----a-w-    C:\Windows\System32\wcncsvc.dll
2013-11-09 20:39:19    276992    ----a-w-    C:\Windows\SysWow64\wcncsvc.dll
2013-11-09 20:31:03    311808    ----a-w-    C:\Windows\System32\msv1_0.dll
2013-11-09 20:31:03    257024    ----a-w-    C:\Windows\SysWow64\msv1_0.dll
2013-11-09 20:27:56    9728    ----a-w-    C:\Windows\System32\Wdfres.dll
2013-11-09 20:27:56    785512    ----a-w-    C:\Windows\System32\drivers\Wdf01000.sys
2013-11-09 20:27:56    54376    ----a-w-    C:\Windows\System32\drivers\WdfLdr.sys
2013-11-09 20:27:56    2560    ----a-w-    C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-11-09 20:23:12    99176    ----a-w-    C:\Windows\SysWow64\PresentationHostProxy.dll
2013-11-09 20:23:12    49472    ----a-w-    C:\Windows\SysWow64\netfxperf.dll
2013-11-09 20:23:12    48960    ----a-w-    C:\Windows\System32\netfxperf.dll
2013-11-09 20:23:12    444752    ----a-w-    C:\Windows\System32\mscoree.dll
2013-11-09 20:23:12    320352    ----a-w-    C:\Windows\System32\PresentationHost.exe
2013-11-09 20:23:12    297808    ----a-w-    C:\Windows\SysWow64\mscoree.dll
2013-11-09 20:23:12    295264    ----a-w-    C:\Windows\SysWow64\PresentationHost.exe
2013-11-09 20:23:12    1942856    ----a-w-    C:\Windows\System32\dfshim.dll
2013-11-09 20:23:12    1130824    ----a-w-    C:\Windows\SysWow64\dfshim.dll
2013-11-09 20:23:12    109912    ----a-w-    C:\Windows\System32\PresentationHostProxy.dll
2013-11-09 20:01:21    --------    d-----w-    C:\Windows\SysWow64\Wat
2013-11-09 20:01:21    --------    d-----w-    C:\Windows\System32\Wat
2013-11-09 19:50:08    --------    d-----w-    C:\Users\Admin\AppData\Local\Diagnostics
2013-11-09 19:02:54    --------    d-----w-    C:\Users\Admin\AppData\Roaming\SpeedyPC Software
2013-11-09 19:02:54    --------    d-----w-    C:\Users\Admin\AppData\Roaming\DriverCure
2013-11-09 19:02:41    --------    d-----w-    C:\ProgramData\SpeedyPC Software
2013-11-09 18:50:08    70656    ----a-w-    C:\Windows\SysWow64\fontsub.dll
2013-11-09 18:50:08    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2013-11-09 18:50:08    367616    ----a-w-    C:\Windows\System32\atmfd.dll
2013-11-09 18:50:08    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2013-11-09 18:50:08    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2013-11-09 18:50:08    100864    ----a-w-    C:\Windows\System32\fontsub.dll
2013-11-09 18:49:07    87040    ----a-w-    C:\Windows\System32\drivers\WUDFPf.sys
2013-11-09 18:49:07    84992    ----a-w-    C:\Windows\System32\WUDFSvc.dll
2013-11-09 18:49:07    198656    ----a-w-    C:\Windows\System32\drivers\WUDFRd.sys
2013-11-09 18:49:07    194048    ----a-w-    C:\Windows\System32\WUDFPlatform.dll
2013-11-09 18:49:06    744448    ----a-w-    C:\Windows\System32\WUDFx.dll
2013-11-09 18:49:06    45056    ----a-w-    C:\Windows\System32\WUDFCoinstaller.dll
2013-11-09 18:49:06    229888    ----a-w-    C:\Windows\System32\WUDFHost.exe
2013-11-09 18:45:16    --------    d-----w-    C:\Windows\System32\MRT
2013-11-09 18:44:11    80896    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-11-09 18:44:11    22896    ----a-w-    C:\Windows\System32\drivers\fs_rec.sys
2013-11-09 18:44:11    158720    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-11-09 18:44:10    5120    ----a-w-    C:\Windows\SysWow64\wmi.dll
2013-11-09 18:44:10    5120    ----a-w-    C:\Windows\System32\wmi.dll
2013-11-09 18:41:20    243712    ----a-w-    C:\Windows\System32\drivers\ks.sys
2013-11-09 18:37:52    1975296    ----a-w-    C:\Windows\System32\CertEnroll.dll
2013-11-09 18:36:52    1328640    ----a-w-    C:\Windows\SysWow64\quartz.dll
2013-11-09 18:34:59    723456    ----a-w-    C:\Windows\System32\EncDec.dll
2013-11-09 18:33:59    9216    ----a-w-    C:\Windows\System32\rdrmemptylst.exe
2013-11-09 18:32:49    182272    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-11-09 18:32:49    1462784    ----a-w-    C:\Windows\System32\crypt32.dll
2013-11-09 18:32:49    140288    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-11-09 18:32:49    139264    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-11-09 18:32:49    1157632    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-11-09 18:32:48    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-11-09 18:32:18    --------    d-----w-    C:\Users\Admin\AppData\Local\Macromedia
2013-11-09 18:32:08    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-09 18:32:08    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-09 18:18:56    77312    ----a-w-    C:\Windows\System32\packager.dll
2013-11-09 18:18:56    67072    ----a-w-    C:\Windows\SysWow64\packager.dll
2013-11-09 18:12:16    0    ----a-w-    C:\Windows\ativpsrm.bin
2013-11-09 07:42:16    --------    d-----w-    C:\Windows.old
2013-11-09 06:31:19    10280728    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5B2252C2-A2E0-4619-A3C4-E65770C80775}\mpengine.dll
2013-11-09 06:31:17    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-11-09 06:31:00    --------    d-sh--w-    C:\Windows\Installer
2013-11-09 06:28:07    --------    d-----w-    C:\Users\Admin\AppData\Local\Microsoft Games
2013-11-09 06:26:47    --------    d-----w-    C:\Users\Admin\AppData\Local\Google
2013-11-09 06:24:40    139264    ----a-w-    C:\Windows\System32\cabview.dll
2013-11-09 06:24:40    132608    ----a-w-    C:\Windows\SysWow64\cabview.dll
2013-11-09 06:24:38    826368    ----a-w-    C:\Windows\SysWow64\rdpcore.dll
2013-11-09 06:24:38    23552    ----a-w-    C:\Windows\System32\drivers\tdtcp.sys
2013-11-09 06:24:38    1031680    ----a-w-    C:\Windows\System32\rdpcore.dll
2013-11-09 06:24:12    --------    d-----w-    C:\Users\Admin\AppData\Local\Apps
2013-11-09 06:24:11    --------    d-----w-    C:\Users\Admin\AppData\Local\Deployment
2013-11-09 06:20:40    2622464    ----a-w-    C:\Windows\System32\wucltux.dll
2013-11-09 06:20:28    99840    ----a-w-    C:\Windows\System32\wudriver.dll
2013-11-09 06:20:03    36864    ----a-w-    C:\Windows\System32\wuapp.exe
2013-11-09 06:20:03    186752    ----a-w-    C:\Windows\System32\wuwebv.dll
2013-11-09 06:19:12    43520    ----a-w-    C:\Windows\System32\drivers\ipgdnd60.sys
2013-11-09 06:15:12    --------    d-----w-    C:\Users\Admin\AppData\Local\VirtualStore
.
==================== Find3M  ====================
.
.
============= FINISH: 17:42:28.38 ===============
 

 

Sorry for the long intro, but I really do need help.


 


#2 HelpBot


Posted 14 November 2013 - 11:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/513556 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 melancholy88


Posted 16 November 2013 - 11:58 AM

I disconnected from web, disabled Win Firewall, but my Avira AV would not let me disable anything, even when run as Admin. Unsure why, so log is with Avira still running. And Yes, I do have my Win Installation Disk.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16736
Run by Admin at 10:46:03 on 2013-11-16
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4055.2872 [GMT -6:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{76AAB582-D308-4FAA-A5C1-B46952D4AD57} : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{FD87A3C7-74D7-4BCC-8ACB-A47528C77AB2} : DHCPNameServer = 192.168.42.129
SSODL: WebCheck - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z0hy8fej.default\
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-11-9 28600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-26 203776]
R2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [2013-11-10 622648]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-11-9 84024]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-11-9 108088]
R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2013-11-9 815160]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-11-9 105856]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 ipgd;ASUS NX1101 Gigabit Ethernet Adapter Driver;C:\Windows\System32\drivers\ipgdnd60.sys [2013-11-9 43520]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-9 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-11-9 1255736]
.
=============== Created Last 30 ================
.
2013-11-16 00:19:29    10280728    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{88CE7455-B49D-4041-ABA5-4641BC9E2F86}\mpengine.dll
2013-11-14 06:03:00    356864    ----a-w-    C:\Program Files\Internet Explorer\IEShims.dll
2013-11-14 06:03:00    278528    ----a-w-    C:\Program Files\Internet Explorer\sqmapi.dll
2013-11-14 06:03:00    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-14 06:03:00    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-14 06:03:00    257536    ----a-w-    C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2013-11-14 06:03:00    236032    ----a-w-    C:\Program Files (x86)\Internet Explorer\IEShims.dll
2013-11-14 06:03:00    217600    ----a-w-    C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2013-11-14 01:48:58    1474048    ----a-w-    C:\Windows\System32\crypt32.dll
2013-11-14 01:46:16    10280728    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-11-12 01:19:36    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2013-11-12 01:19:36    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2013-11-11 06:15:59    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-11 01:42:46    633856    ----a-w-    C:\Windows\System32\comctl32.dll
2013-11-11 01:41:53    48640    ----a-w-    C:\Windows\System32\wwanprotdim.dll
2013-11-11 01:40:40    39936    ----a-w-    C:\Windows\System32\drivers\tssecsrv.sys
2013-11-11 01:38:56    461312    ----a-w-    C:\Windows\System32\scavengeui.dll
2013-11-10 21:48:26    --------    d-----w-    C:\Program Files (x86)\Steam
2013-11-10 21:48:26    --------    d-----w-    C:\Program Files (x86)\Common Files\Steam
2013-11-10 20:13:19    --------    d-----w-    C:\Users\Admin\AppData\Local\Apple Computer
2013-11-10 19:57:30    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-10 19:38:49    33240    ----a-w-    C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-11-10 19:38:16    --------    d-----w-    C:\Program Files\iPod
2013-11-10 19:38:15    --------    d-----w-    C:\Program Files\iTunes
2013-11-10 19:38:15    --------    d-----w-    C:\Program Files (x86)\iTunes
2013-11-10 19:36:09    --------    d-----w-    C:\Program Files\Bonjour
2013-11-10 19:36:09    --------    d-----w-    C:\Program Files (x86)\Bonjour
2013-11-10 19:24:16    --------    d-----w-    C:\Users\Admin\AppData\Local\Apple
2013-11-10 08:23:30    --------    d-----w-    C:\Windows\System32\SPReview
2013-11-10 08:23:18    --------    d-----w-    C:\Windows\System32\EventProviders
2013-11-10 03:59:07    48976    ----a-w-    C:\Windows\System32\netfxperf.dll
2013-11-10 03:59:06    1942856    ----a-w-    C:\Windows\System32\dfshim.dll
2013-11-10 03:59:02    1130824    ----a-w-    C:\Windows\SysWow64\dfshim.dll
2013-11-10 03:57:59    95232    ----a-w-    C:\Windows\System32\cca.dll
2013-11-10 03:55:12    529408    ----a-w-    C:\Windows\System32\wbemcomn.dll
2013-11-10 03:55:12    244736    ----a-w-    C:\Program Files\Windows Portable Devices\sqmapi.dll
2013-11-10 03:55:00    244736    ----a-w-    C:\Windows\System32\sqmapi.dll
2013-11-10 00:23:30    --------    d-----w-    C:\Program Files (x86)\Guild Wars 2
2013-11-10 00:23:12    --------    d-----w-    C:\Users\Admin\AppData\Roaming\Guild Wars 2
2013-11-10 00:16:18    50053120    ----a-w-    C:\Program Files (x86)\GUTC40A.tmp
2013-11-10 00:16:18    --------    d-----w-    C:\Program Files (x86)\GUMC3FA.tmp
2013-11-09 23:47:50    --------    d-----w-    C:\Users\Admin\AppData\Roaming\PeaZip
2013-11-09 23:47:42    --------    d-----w-    C:\Program Files\PeaZip
2013-11-09 23:47:11    --------    d-----w-    C:\Users\Admin\AppData\Local\Programs
2013-11-09 23:17:17    --------    d-----w-    C:\Users\Admin\AppData\Roaming\Avira
2013-11-09 23:12:41    --------    d-----w-    C:\ProgramData\APN
2013-11-09 23:11:41    83160    ----a-w-    C:\Windows\System32\drivers\avnetflt.sys
2013-11-09 23:11:41    28600    ----a-w-    C:\Windows\System32\drivers\avkmgr.sys
2013-11-09 23:11:41    105856    ----a-w-    C:\Windows\System32\drivers\avgntflt.sys
2013-11-09 23:11:40    --------    d-----w-    C:\ProgramData\Avira
2013-11-09 23:11:40    --------    d-----w-    C:\Program Files (x86)\Avira
2013-11-09 20:27:56    9728    ----a-w-    C:\Windows\System32\Wdfres.dll
2013-11-09 20:27:56    54376    ----a-w-    C:\Windows\System32\drivers\WdfLdr.sys
2013-11-09 20:27:56    2560    ----a-w-    C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-11-09 20:01:21    --------    d-----w-    C:\Windows\SysWow64\Wat
2013-11-09 20:01:21    --------    d-----w-    C:\Windows\System32\Wat
2013-11-09 19:50:08    --------    d-----w-    C:\Users\Admin\AppData\Local\Diagnostics
2013-11-09 19:02:54    --------    d-----w-    C:\Users\Admin\AppData\Roaming\SpeedyPC Software
2013-11-09 19:02:54    --------    d-----w-    C:\Users\Admin\AppData\Roaming\DriverCure
2013-11-09 19:02:41    --------    d-----w-    C:\ProgramData\SpeedyPC Software
2013-11-09 18:49:07    87040    ----a-w-    C:\Windows\System32\drivers\WUDFPf.sys
2013-11-09 18:49:07    84992    ----a-w-    C:\Windows\System32\WUDFSvc.dll
2013-11-09 18:49:07    198656    ----a-w-    C:\Windows\System32\drivers\WUDFRd.sys
2013-11-09 18:49:07    194048    ----a-w-    C:\Windows\System32\WUDFPlatform.dll
2013-11-09 18:49:06    744448    ----a-w-    C:\Windows\System32\WUDFx.dll
2013-11-09 18:49:06    45056    ----a-w-    C:\Windows\System32\WUDFCoinstaller.dll
2013-11-09 18:49:06    229888    ----a-w-    C:\Windows\System32\WUDFHost.exe
2013-11-09 18:45:16    --------    d-----w-    C:\Windows\System32\MRT
2013-11-09 18:44:11    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-11-09 18:44:11    5120    ----a-w-    C:\Windows\System32\wmi.dll
2013-11-09 18:44:11    23408    ----a-w-    C:\Windows\System32\drivers\fs_rec.sys
2013-11-09 18:44:11    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-11-09 18:44:10    5120    ----a-w-    C:\Windows\SysWow64\wmi.dll
2013-11-09 18:39:11    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2013-11-09 18:39:10    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2013-11-09 18:39:10    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2013-11-09 18:38:24    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-11-09 18:36:51    514560    ----a-w-    C:\Windows\SysWow64\qdvd.dll
2013-11-09 18:35:47    142336    ----a-w-    C:\Windows\System32\poqexec.exe
2013-11-09 18:34:59    723456    ----a-w-    C:\Windows\System32\EncDec.dll
2013-11-09 18:33:59    9216    ----a-w-    C:\Windows\System32\rdrmemptylst.exe
2013-11-09 18:33:59    77312    ----a-w-    C:\Windows\System32\rdpwsx.dll
2013-11-09 18:33:59    75120    ----a-w-    C:\Windows\System32\drivers\partmgr.sys
2013-11-09 18:33:59    149504    ----a-w-    C:\Windows\System32\rdpcorekmts.dll
2013-11-09 18:33:57    478208    ----a-w-    C:\Windows\System32\dpnet.dll
2013-11-09 18:33:57    376832    ----a-w-    C:\Windows\SysWow64\dpnet.dll
2013-11-09 18:33:57    3072    ----a-w-    C:\Windows\System32\dpnaddr.dll
2013-11-09 18:33:57    2560    ----a-w-    C:\Windows\SysWow64\dpnaddr.dll
2013-11-09 18:33:57    223752    ----a-w-    C:\Windows\System32\drivers\fvevol.sys
2013-11-09 18:33:56    95744    ----a-w-    C:\Windows\System32\synceng.dll
2013-11-09 18:33:56    78336    ----a-w-    C:\Windows\SysWow64\synceng.dll
2013-11-09 18:33:54    31232    ----a-w-    C:\Windows\SysWow64\prevhost.exe
2013-11-09 18:33:54    31232    ----a-w-    C:\Windows\System32\prevhost.exe
2013-11-09 18:32:18    --------    d-----w-    C:\Users\Admin\AppData\Local\Macromedia
2013-11-09 18:32:08    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-09 18:32:08    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-09 18:26:16    --------    d-----w-    C:\Users\Admin\AppData\Local\Mozilla
2013-11-09 18:26:03    --------    d-----w-    C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-09 18:18:56    77312    ----a-w-    C:\Windows\System32\packager.dll
2013-11-09 18:18:56    67072    ----a-w-    C:\Windows\SysWow64\packager.dll
2013-11-09 18:12:16    0    ----a-w-    C:\Windows\ativpsrm.bin
2013-11-09 06:31:17    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-11-09 06:31:00    --------    d-sh--w-    C:\Windows\Installer
2013-11-09 06:28:07    --------    d-----w-    C:\Users\Admin\AppData\Local\Microsoft Games
2013-11-09 06:26:47    --------    d-----w-    C:\Users\Admin\AppData\Local\Google
2013-11-09 06:24:38    826880    ----a-w-    C:\Windows\SysWow64\rdpcore.dll
2013-11-09 06:24:38    23552    ----a-w-    C:\Windows\System32\drivers\tdtcp.sys
2013-11-09 06:24:38    1031680    ----a-w-    C:\Windows\System32\rdpcore.dll
2013-11-09 06:24:12    --------    d-----w-    C:\Users\Admin\AppData\Local\Apps
2013-11-09 06:24:11    --------    d-----w-    C:\Users\Admin\AppData\Local\Deployment
2013-11-09 06:20:40    2622464    ----a-w-    C:\Windows\System32\wucltux.dll
2013-11-09 06:20:28    99840    ----a-w-    C:\Windows\System32\wudriver.dll
2013-11-09 06:20:03    36864    ----a-w-    C:\Windows\System32\wuapp.exe
2013-11-09 06:20:03    186752    ----a-w-    C:\Windows\System32\wuwebv.dll
2013-11-09 06:19:12    43520    ----a-w-    C:\Windows\System32\drivers\ipgdnd60.sys
2013-11-09 06:15:12    --------    d-----w-    C:\Users\Admin\AppData\Local\VirtualStore
.
==================== Find3M  ====================
.
2013-11-11 06:15:59    9728    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-10 18:59:50    152576    ----a-w-    C:\Windows\SysWow64\msclmd.dll
2013-11-10 18:59:49    175616    ----a-w-    C:\Windows\System32\msclmd.dll
2013-10-12 08:45:20    2241536    ----a-w-    C:\Windows\System32\wininet.dll
2013-10-12 08:43:37    3959808    ----a-w-    C:\Windows\System32\jscript9.dll
2013-10-12 08:43:32    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-10-12 08:43:32    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-10-12 07:03:50    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-10-12 07:02:33    2877952    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-10-12 07:02:29    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-10-12 07:02:29    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-10-12 05:44:38    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-12 05:15:39    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-10-12 02:30:42    830464    ----a-w-    C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-05 19:57:25    1168384    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31    190464    ----a-w-    C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17    197120    ----a-w-    C:\Windows\System32\credui.dll
2013-10-04 02:24:49    1930752    ----a-w-    C:\Windows\System32\authui.dll
2013-10-04 01:58:50    152576    ----a-w-    C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25    168960    ----a-w-    C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40    154560    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33    28672    ----a-w-    C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33    135680    ----a-w-    C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01    28160    ----a-w-    C:\Windows\System32\secur32.dll
2013-09-25 02:22:59    340992    ----a-w-    C:\Windows\System32\schannel.dll
2013-09-25 02:21:50    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07    1447936    ----a-w-    C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24    30720    ----a-w-    C:\Windows\System32\lsass.exe
2013-09-08 02:30:37    1903552    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14    327168    ----a-w-    C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58    231424    ----a-w-    C:\Windows\SysWow64\mswsock.dll
2013-08-29 02:17:48    5549504    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-08-29 02:16:14    859648    ----a-w-    C:\Windows\System32\tdh.dll
2013-08-29 02:13:28    878080    ----a-w-    C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45    3969472    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45    3914176    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16    619520    ----a-w-    C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17    640512    ----a-w-    C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06    3155968    ----a-w-    C:\Windows\System32\win32k.sys
.
============= FINISH: 10:46:11.89 ===============
 



#4 Oh My!

  • Malware Response Instructor

Posted 19 November 2013 - 10:02 AM

Greetings melancholy88 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

I am not sure this is malware related so this may not be the appropriate forum to deal with the issue but we will take a quick look anyway. Please do these things for me.

===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List devices >>(Problem only)<<

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FSS log
  • MiniToolBox log
  • Any change?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 melancholy88

  • Topic Starter

Posted 20 November 2013 - 08:47 PM

Hello Gary. My name is Julio and it's a pleasure to be acquainted. I should have no problems following your directions/guidelines. I'm far from knowing what needs to be done or how to go about it so your assistance is well met and appreciated. I won't be making any kind of changes to my system unless instructed by your guidance to do so.

 

Logs:

 

Farbar Service Scanner Version: 10-11-2013
Ran by Admin (administrator) on 20-11-2013 at 19:13:43
Running from "C:\Users\Admin\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-11-13 19:48] - [2013-09-27 19:09] - 0497152 ____A (Microsoft Corporation) 79059559E89D06E8B80CE2944BE20228

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-11-10 19:40] - [2013-09-07 20:30] - 1903552 ____A (Microsoft Corporation) 40AF23633D197905F03AB5628C558C51

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Admin (administrator) on 20-11-2013 at 19:17:17
Running from "C:\Users\Admin\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

ASUS NX1101 Gigabit Ethernet Adapter = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Epitaph
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.tx.comcast.net.

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : hsd1.tx.comcast.net.
   Description . . . . . . . . . . . : ASUS NX1101 Gigabit Ethernet Adapter
   Physical Address. . . . . . . . . : 20-CF-30-D7-13-BC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:558:6022:41:54d4:8064:7afc:e24e(Preferred)
   Lease Obtained. . . . . . . . . . : Wednesday, November 20, 2013 6:37:55 PM
   Lease Expires . . . . . . . . . . : Friday, November 22, 2013 6:12:15 PM
   Link-local IPv6 Address . . . . . : fe80::89b1:3bdd:5beb:50f3%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 98.196.130.160(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.254.0
   Lease Obtained. . . . . . . . . . : Wednesday, November 20, 2013 6:37:54 PM
   Lease Expires . . . . . . . . . . : Sunday, November 24, 2013 6:37:54 PM
   Default Gateway . . . . . . . . . : fe80::6aef:bdff:fef0:6e2%10
                                       98.196.130.1
   DHCP Server . . . . . . . . . . . : 69.252.216.70
   DHCPv6 IAID . . . . . . . . . . . : 237031216
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-0F-8C-3C-20-CF-30-D7-13-BC
   DNS Servers . . . . . . . . . . . : 2001:558:feed::2
                                       2001:558:feed::1
                                       75.75.76.76
                                       75.75.75.75
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.hsd1.tx.comcast.net.:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.tx.comcast.net.
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:3076:2888:9d3b:7d5f(Preferred)
   Link-local IPv6 Address . . . . . : fe80::3076:2888:9d3b:7d5f%13(Preferred)
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  cdns02.comcast.net
Address:  2001:558:feed::2

Name:    google.com
Addresses:  2607:f8b0:4000:801::1004
      173.194.115.64
      173.194.115.73
      173.194.115.69
      173.194.115.68
      173.194.115.70
      173.194.115.72
      173.194.115.66
      173.194.115.78
      173.194.115.65
      173.194.115.71
      173.194.115.67


Pinging google.com [2607:f8b0:4000:803::1008] with 32 bytes of data:
Reply from 2607:f8b0:4000:803::1008: time=16ms
Reply from 2607:f8b0:4000:803::1008: time=15ms

Ping statistics for 2607:f8b0:4000:803::1008:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 15ms, Maximum = 16ms, Average = 15ms
Server:  cdns02.comcast.net
Address:  2001:558:feed::2

Name:    yahoo.com
Addresses:  206.190.36.45
      98.139.183.24
      98.138.253.109


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=74ms TTL=48
Reply from 98.139.183.24: bytes=32 time=66ms TTL=50

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 66ms, Maximum = 74ms, Average = 70ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...20 cf 30 d7 13 bc ......ASUS NX1101 Gigabit Ethernet Adapter
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     98.196.130.1   98.196.130.160     20
     98.196.130.0    255.255.254.0         On-link    98.196.130.160    276
   98.196.130.160  255.255.255.255         On-link    98.196.130.160    276
   98.196.131.255  255.255.255.255         On-link    98.196.130.160    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link    98.196.130.160    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link    98.196.130.160    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 10    276 ::/0                     fe80::6aef:bdff:fef0:6e2
  1    306 ::1/128                  On-link
 13     58 2001::/32                On-link
 13    306 2001:0:5ef5:79fb:3076:2888:9d3b:7d5f/128
                                    On-link
 10    276 2001:558:6022:41:54d4:8064:7afc:e24e/128
                                    On-link
 10    276 fe80::/64                On-link
 13    306 fe80::/64                On-link
 13    306 fe80::3076:2888:9d3b:7d5f/128
                                    On-link
 10    276 fe80::89b1:3bdd:5beb:50f3/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Catalog9 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Catalog9 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Catalog9 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Catalog9 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Catalog9 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Catalog9 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 17 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 18 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
x64-Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
x64-Catalog9 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
x64-Catalog9 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
x64-Catalog9 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
x64-Catalog9 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
x64-Catalog9 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
x64-Catalog9 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 14 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 15 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 16 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 17 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 18 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [231480] (Avira Operations GmbH & Co. KG)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/16/2013 01:03:51 PM) (Source: Application Error) (User: )
Description: Faulting application name: ccuac.exe, version: 14.0.0.225, time stamp: 0x52289ef2
Faulting module name: ccuac.exe, version: 14.0.0.225, time stamp: 0x52289ef2
Exception code: 0xc0000409
Fault offset: 0x00012c57
Faulting process id: 0x604
Faulting application start time: 0xccuac.exe0
Faulting application path: ccuac.exe1
Faulting module path: ccuac.exe2
Report Id: ccuac.exe3

Error: (11/16/2013 10:43:39 AM) (Source: Application Error) (User: )
Description: Faulting application name: ccuac.exe, version: 14.0.0.225, time stamp: 0x52289ef2
Faulting module name: ccuac.exe, version: 14.0.0.225, time stamp: 0x52289ef2
Exception code: 0xc0000409
Fault offset: 0x00012c57
Faulting process id: 0x988
Faulting application start time: 0xccuac.exe0
Faulting application path: ccuac.exe1
Faulting module path: ccuac.exe2
Report Id: ccuac.exe3

Error: (11/16/2013 10:43:35 AM) (Source: Application Error) (User: )
Description: Faulting application name: ccuac.exe, version: 14.0.0.225, time stamp: 0x52289ef2
Faulting module name: ccuac.exe, version: 14.0.0.225, time stamp: 0x52289ef2
Exception code: 0xc0000409
Fault offset: 0x00012c57
Faulting process id: 0xd68
Faulting application start time: 0xccuac.exe0
Faulting application path: ccuac.exe1
Faulting module path: ccuac.exe2
Report Id: ccuac.exe3

Error: (11/16/2013 10:43:27 AM) (Source: Application Error) (User: )
Description: Faulting application name: ccuac.exe, version: 14.0.0.225, time stamp: 0x52289ef2
Faulting module name: ccuac.exe, version: 14.0.0.225, time stamp: 0x52289ef2
Exception code: 0xc0000409
Fault offset: 0x00012c57
Faulting process id: 0xf1c
Faulting application start time: 0xccuac.exe0
Faulting application path: ccuac.exe1
Faulting module path: ccuac.exe2
Report Id: ccuac.exe3

Error: (11/16/2013 10:43:26 AM) (Source: Application Error) (User: )
Description: Faulting application name: ccuac.exe, version: 14.0.0.225, time stamp: 0x52289ef2
Faulting module name: ccuac.exe, version: 14.0.0.225, time stamp: 0x52289ef2
Exception code: 0xc0000409
Fault offset: 0x00012c57
Faulting process id: 0xfc0
Faulting application start time: 0xccuac.exe0
Faulting application path: ccuac.exe1
Faulting module path: ccuac.exe2
Report Id: ccuac.exe3

Error: (11/16/2013 10:43:25 AM) (Source: Application Error) (User: )
Description: Faulting application name: ccuac.exe, version: 14.0.0.225, time stamp: 0x52289ef2
Faulting module name: ccuac.exe, version: 14.0.0.225, time stamp: 0x52289ef2
Exception code: 0xc0000409
Fault offset: 0x00012c57
Faulting process id: 0x998
Faulting application start time: 0xccuac.exe0
Faulting application path: ccuac.exe1
Faulting module path: ccuac.exe2
Report Id: ccuac.exe3

Error: (11/16/2013 10:43:22 AM) (Source: Application Error) (User: )
Description: Faulting application name: ccuac.exe, version: 14.0.0.225, time stamp: 0x52289ef2
Faulting module name: ccuac.exe, version: 14.0.0.225, time stamp: 0x52289ef2
Exception code: 0xc0000409
Fault offset: 0x00012c57
Faulting process id: 0xe30
Faulting application start time: 0xccuac.exe0
Faulting application path: ccuac.exe1
Faulting module path: ccuac.exe2
Report Id: ccuac.exe3

Error: (11/16/2013 10:43:21 AM) (Source: Application Error) (User: )
Description: Faulting application name: ccuac.exe, version: 14.0.0.225, time stamp: 0x52289ef2
Faulting module name: ccuac.exe, version: 14.0.0.225, time stamp: 0x52289ef2
Exception code: 0xc0000409
Fault offset: 0x00012c57
Faulting process id: 0x36c
Faulting application start time: 0xccuac.exe0
Faulting application path: ccuac.exe1
Faulting module path: ccuac.exe2
Report Id: ccuac.exe3

Error: (11/16/2013 10:43:21 AM) (Source: Application Error) (User: )
Description: Faulting application name: ccuac.exe, version: 14.0.0.225, time stamp: 0x52289ef2
Faulting module name: ccuac.exe, version: 14.0.0.225, time stamp: 0x52289ef2
Exception code: 0xc0000409
Fault offset: 0x00012c57
Faulting process id: 0x734
Faulting application start time: 0xccuac.exe0
Faulting application path: ccuac.exe1
Faulting module path: ccuac.exe2
Report Id: ccuac.exe3

Error: (11/16/2013 10:43:20 AM) (Source: Application Error) (User: )
Description: Faulting application name: ccuac.exe, version: 14.0.0.225, time stamp: 0x52289ef2
Faulting module name: ccuac.exe, version: 14.0.0.225, time stamp: 0x52289ef2
Exception code: 0xc0000409
Fault offset: 0x00012c57
Faulting process id: 0xc84
Faulting application start time: 0xccuac.exe0
Faulting application path: ccuac.exe1
Faulting module path: ccuac.exe2
Report Id: ccuac.exe3


System errors:
=============
Error: (11/17/2013 01:33:32 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy1.

Error: (11/17/2013 01:33:29 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy1.

Error: (11/17/2013 01:33:26 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy1.

Error: (11/17/2013 01:33:23 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy1.

Error: (11/17/2013 01:33:21 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy1.

Error: (11/17/2013 01:33:18 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy2.

Error: (11/17/2013 01:33:15 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy2.

Error: (11/17/2013 01:33:11 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy2.

Error: (11/17/2013 01:33:08 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy2.

Error: (11/17/2013 01:33:05 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy2.


Microsoft Office Sessions:
=========================
Error: (11/16/2013 01:03:51 PM) (Source: Application Error)(User: )
Description: ccuac.exe14.0.0.22552289ef2ccuac.exe14.0.0.22552289ef2c000040900012c5760401cee2fe96280bb0C:\Program Files (x86)\Avira\AntiVir Desktop\ccuac.exeC:\Program Files (x86)\Avira\AntiVir Desktop\ccuac.exed414dbb8-4ef1-11e3-9333-20cf30d713bc

Error: (11/16/2013 10:43:39 AM) (Source: Application Error)(User: )
Description: ccuac.exe14.0.0.22552289ef2ccuac.exe14.0.0.22552289ef2c000040900012c5798801cee2eb00647b2bC:\Program Files (x86)\Avira\AntiVir Desktop\ccuac.exeC:\Program Files (x86)\Avira\AntiVir Desktop\ccuac.exe3e13676c-4ede-11e3-9381-20cf30d713bc

Error: (11/16/2013 10:43:35 AM) (Source: Application Error)(User: )
Description: ccuac.exe14.0.0.22552289ef2ccuac.exe14.0.0.22552289ef2c000040900012c57d6801cee2eafe4ce58eC:\Program Files (x86)\Avira\AntiVir Desktop\ccuac.exeC:\Program Files (x86)\Avira\AntiVir Desktop\ccuac.exe3bfbd1ce-4ede-11e3-9381-20cf30d713bc

Error: (11/16/2013 10:43:27 AM) (Source: Application Error)(User: )
Description: ccuac.exe14.0.0.22552289ef2ccuac.exe14.0.0.22552289ef2c000040900012c57f1c01cee2eaf9477e7aC:\Program Files (x86)\Avira\AntiVir Desktop\ccuac.exeC:\Program Files (x86)\Avira\AntiVir Desktop\ccuac.exe36f66aba-4ede-11e3-9381-20cf30d713bc

Error: (11/16/2013 10:43:26 AM) (Source: Application Error)(User: )
Description: ccuac.exe14.0.0.22552289ef2ccuac.exe14.0.0.22552289ef2c000040900012c57fc001cee2eaf8d9ff2dC:\Program Files (x86)\Avira\AntiVir Desktop\ccuac.exeC:\Program Files (x86)\Avira\AntiVir Desktop\ccuac.exe3688eb6e-4ede-11e3-9381-20cf30d713bc

Error: (11/16/2013 10:43:25 AM) (Source: Application Error)(User: )
Description: ccuac.exe14.0.0.22552289ef2ccuac.exe14.0.0.22552289ef2c000040900012c5799801cee2eaf87866c2C:\Program Files (x86)\Avira\AntiVir Desktop\ccuac.exeC:\Program Files (x86)\Avira\AntiVir Desktop\ccuac.exe36275302-4ede-11e3-9381-20cf30d713bc

Error: (11/16/2013 10:43:22 AM) (Source: Application Error)(User: )
Description: ccuac.exe14.0.0.22552289ef2ccuac.exe14.0.0.22552289ef2c000040900012c57e3001cee2eaf6740affC:\Program Files (x86)\Avira\AntiVir Desktop\ccuac.exeC:\Program Files (x86)\Avira\AntiVir Desktop\ccuac.exe3422c860-4ede-11e3-9381-20cf30d713bc

Error: (11/16/2013 10:43:21 AM) (Source: Application Error)(User: )
Description: ccuac.exe14.0.0.22552289ef2ccuac.exe14.0.0.22552289ef2c000040900012c5736c01cee2eaf5f10012C:\Program Files (x86)\Avira\AntiVir Desktop\ccuac.exeC:\Program Files (x86)\Avira\AntiVir Desktop\ccuac.exe339fec53-4ede-11e3-9381-20cf30d713bc

Error: (11/16/2013 10:43:21 AM) (Source: Application Error)(User: )
Description: ccuac.exe14.0.0.22552289ef2ccuac.exe14.0.0.22552289ef2c000040900012c5773401cee2eaf5a996caC:\Program Files (x86)\Avira\AntiVir Desktop\ccuac.exeC:\Program Files (x86)\Avira\AntiVir Desktop\ccuac.exe3358830a-4ede-11e3-9381-20cf30d713bc

Error: (11/16/2013 10:43:20 AM) (Source: Application Error)(User: )
Description: ccuac.exe14.0.0.22552289ef2ccuac.exe14.0.0.22552289ef2c000040900012c57c8401cee2eaf53754bdC:\Program Files (x86)\Avira\AntiVir Desktop\ccuac.exeC:\Program Files (x86)\Avira\AntiVir Desktop\ccuac.exe32e640fd-4ede-11e3-9381-20cf30d713bc


========================= Devices: ================================

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


**** End of log ****
 

 

As for changes (post-scan browsing): none that I can notice. A short but longer than usual connection delay to more-often visited sites such as YouTube and Hulu; YT pages don't fully load, and videos are stuck on "loading" (same issue with embeds). As for Hulu, it seemed to be the same as YT, but a few minutes later I tried again and that site was working normally again.



#6 Oh My!


Posted 20 November 2013 - 08:58 PM

Hi Julio and welcome aboard.

 

Are you currently having only internet related issues?  Is there anything else going on?


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 melancholy88


Posted 21 November 2013 - 08:15 PM

Well, for the most part, yes, it seems to be mostly (if not only) Internet related. But as stated in my OP, I did end up doing a reinstall of Windows to try and remedy the problem (due to my lack of PC know-how). So most of the apps and programs that I frequently used are still on my Ext. HD and I only have a few things actually moved back onto this HD.

 

As you suspected, I am also unsure of what these issues could be, but not knowing where to start or where to begin is what led me to posting this thread. Some guidance is all I am looking for to see if there is any kind of [Major] Issue or if my rig is just slowly running its days down.



#8 Oh My!


Posted 21 November 2013 - 09:15 PM

Please run this.

===================================================

Running Chkdsk /r From Command Prompt

--------------------
  • Close any open programs
  • Click Start, Programs, Accessories
  • Right click on Command Prompt and select Run as Administrator
  • Copy and paste the following after the command prompt and press Enter

CMD /C ECHO Y|CHKDSK C: /R | SHUTDOWN /R /T 10

  • Please allow the system to reboot on its own and run the program. This may take a bit of time
  • When completed your system will automatically reboot
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Any difference?

Gary
 

#9 melancholy88


Posted 24 November 2013 - 01:08 PM

Well, things didn't get worse; a slight improvement, for what it's worth. FB seems a tad more responsive, and web load times in general are reduced a bit as well. YT adverts load and play quickly without delay, but the videos get about 5 seconds of play before they just freeze. Refreshing yields about the same result.

 

P.S. I appreciate the help thus far.



#10 Oh My!


Posted 24 November 2013 - 03:45 PM

It is my pleasure to work together with you to try to figure out what is going on.

Your computer is complaining about Avira so we need to remove it in order to either confirm or rule out the program being the cause of your issues. Please complete the removal by following the below steps.

===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall. If that is the case simply stop and let me know.
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
Avira
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next.
  • Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Yes and then on Next.
  • Click on Select all then click Delete
  • When prompted select Yes then Next
  • Once done click Finish.
  • Check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did the program uninstall properly?
  • Any change in computer behavior?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
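
The reading in the reply above, that the log is "complaining about Avira", can be reproduced by tallying the pasted event-log entries per faulting application and per volume. The following is an added example, not part of the original thread; the sample lines are constructed in the layout of the pasted log, and `summarize` is a hypothetical helper name.

```python
import re
from collections import Counter

# Constructed sample in the layout of the pasted log (entries trimmed).
SAMPLE_LOG = r"""
Error: (11/16/2013 10:43:22 AM) (Source: Application Error) (User: )
Description: Faulting application name: ccuac.exe, version: 14.0.0.225, time stamp: 0x52289ef2
Exception code: 0xc0000409

Error: (11/16/2013 10:43:21 AM) (Source: Application Error) (User: )
Description: Faulting application name: ccuac.exe, version: 14.0.0.225, time stamp: 0x52289ef2
Exception code: 0xc0000409

Error: (11/17/2013 01:33:32 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy1.

Error: (11/17/2013 01:33:18 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy2.
"""

HEADER = re.compile(r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>[^)]*)\)", re.M)
APP = re.compile(r"Faulting application name: (?P<app>[^,]+),")
# 0xc0000409 is STATUS_STACK_BUFFER_OVERRUN (the process terminated itself).
CODE = re.compile(r"Exception code: (?P<code>0x[0-9a-fA-F]+)")
VOLUME = re.compile(r"chkdsk utility on the volume (?P<vol>\S+?)\.?$", re.M)

def summarize(log_text):
    """Count crashes per (application, exception code) and NTFS errors per volume."""
    crashes, volumes = Counter(), Counter()
    headers = list(HEADER.finditer(log_text))
    for i, h in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(log_text)
        body = log_text[h.end():end]
        if h["source"] == "Application Error":
            app, code = APP.search(body), CODE.search(body)
            if app:  # run-together entries without field labels are skipped
                crashes[(app["app"].lower(), code["code"].lower() if code else "?")] += 1
        elif h["source"] == "Ntfs":
            vol = VOLUME.search(body)
            volumes[vol["vol"] if vol else "?"] += 1
    return crashes, volumes

if __name__ == "__main__":
    crashes, volumes = summarize(SAMPLE_LOG)
    for (app, code), n in crashes.most_common():
        print(f"{n:3d} crash(es)  {app}  {code}")
    for vol, n in volumes.most_common():
        print(f"{n:3d} NTFS error(s) on {vol}")
```

Grouping by volume also makes it visible that the Ntfs errors in the pasted log name shadow-copy volumes rather than C: itself.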

#11 Oh My!


Posted 27 November 2013 - 09:54 AM

Greetings,

Have you been able to uninstall Avira?
Gary
 

#12 Oh My!


Posted 30 November 2013 - 07:30 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#13 melancholy88


Posted 02 December 2013 - 07:53 PM

My apologies Gary, I just got back and then had work today. Holiday, you know; speaking of which, I hope yours was well spent with food aplenty. I can do this latest step and see where we stand. I've been talking to a friend of mine and am thinking about giving the tower to him so he can try and address the would-be problem(s) himself. Reason being that I am giving myself an early Xmas present and ordered a new rig. So until then I would like to continue with your guidance and see if I can fix this issue. Will post results soon. Thanks.



#14 Oh My!


Posted 02 December 2013 - 07:55 PM

Sounds good. Whatever is best for you is fine on my end.
Gary
 

#15 Oh My!


Posted 07 December 2013 - 02:28 PM

Hi Julio,

How are we doing?
Gary
 